Step 6 postinstall script

Joe Workman edited this page Jan 16, 2020 · 7 revisions

Step 6 - Create the postinstall script

Add the following payload to the postinstall script. The script must move the LaunchDaemon into the system's /Library/LaunchDaemons/ directory.

#!/bin/sh

# set the LaunchDaemon variable with the name of the LaunchDaemon
DAEMON="com.jumpcloud.prestage.plist"

# Enter the ENROLLMENT_USER within the '' of ENROLLMENT_USER=''
ENROLLMENT_USER=''

# Enter the ENROLLMENT_USER_PASSWORD within the '' of ENROLLMENT_USER_PASSWORD='' with the credentials of the admin with a secure token
ENROLLMENT_USER_PASSWORD=''

cat <<-EOF >/var/run/JumpCloud-SecureToken-Creds.txt
$ENROLLMENT_USER;$ENROLLMENT_USER_PASSWORD
EOF

# Move LaunchDaemon to /Library/LaunchDaemons/
# (the variable is DAEMON; shell variable names are case-sensitive)
if [ ! -f "/Library/LaunchDaemons/${DAEMON}" ]; then
  mv "/var/tmp/${DAEMON}" "/Library/LaunchDaemons/"
fi

# Set Permissions
chmod 744 /var/tmp/jumpcloud_bootstrap_template.sh
chown root:wheel /var/tmp/jumpcloud_bootstrap_template.sh
chmod 644 "/Library/LaunchDaemons/${DAEMON}"
chown root:wheel "/Library/LaunchDaemons/${DAEMON}"

# load the LaunchDaemon
launchctl load -w "/Library/LaunchDaemons/${DAEMON}"

Populate ENROLLMENT_USER='' and ENROLLMENT_USER_PASSWORD='' with the values specified for this account in Step 2.

Example:

#!/bin/sh

# set the LaunchDaemon variable with the name of the LaunchDaemon
DAEMON="com.jumpcloud.prestage.plist"

# Enter the ENROLLMENT_USER within the '' of ENROLLMENT_USER=''
ENROLLMENT_USER='Welcome'

# Enter the ENROLLMENT_USER_PASSWORD within the '' of ENROLLMENT_USER_PASSWORD='' with the credentials of the admin with a secure token
ENROLLMENT_USER_PASSWORD='Welcome1!'

cat <<-EOF >/var/run/JumpCloud-SecureToken-Creds.txt
$ENROLLMENT_USER;$ENROLLMENT_USER_PASSWORD
EOF

# Move LaunchDaemon
# (the variable is DAEMON; shell variable names are case-sensitive)
if [ ! -f "/Library/LaunchDaemons/${DAEMON}" ]; then
  mv "/var/tmp/${DAEMON}" "/Library/LaunchDaemons/"
fi

# Set Permissions
chmod 744 /var/tmp/jumpcloud_bootstrap_template.sh
chown root:wheel /var/tmp/jumpcloud_bootstrap_template.sh
chmod 644 "/Library/LaunchDaemons/${DAEMON}"
chown root:wheel "/Library/LaunchDaemons/${DAEMON}"

# load the LaunchDaemon
launchctl load -w "/Library/LaunchDaemons/${DAEMON}"

The presence of the JumpCloud-SecureToken-Creds.txt file is required to install the JumpCloud agent with the JumpCloud Service Account. The JumpCloud Service Account is mandatory to manage Secure Tokens and FileVault-enabled users. The JumpCloud-SecureToken-Creds.txt file is deleted by the agent install process and removed from the system.
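The payload above creates the credentials file with whatever umask the installer process has, so until the agent deletes it the password may be readable by other local accounts. The following is an added example, not code from this wiki or from JumpCloud: a hypothetical helper, write_creds_file, that writes the same user;password line with owner-only permissions and checks the result. It assumes the agent installer reads the file as root.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the original postinstall script).
# Writes "user;password" to the credentials file with mode 0600 and verifies it.
# Usage inside the postinstall script, replacing the cat <<-EOF block:
#   write_creds_file "$ENROLLMENT_USER" "$ENROLLMENT_USER_PASSWORD" || exit 1

write_creds_file() {
  user=$1
  pass=$2
  # Default path is the one this page uses; a third argument overrides it.
  file=${3:-/var/run/JumpCloud-SecureToken-Creds.txt}

  # Refuse empty values: an unpopulated template would write only ";".
  if [ -z "$user" ] || [ -z "$pass" ]; then
    echo "ENROLLMENT_USER and ENROLLMENT_USER_PASSWORD must be set" >&2
    return 1
  fi

  # Assumption: the file's consumer splits on ';', so a ';' in the
  # username would be misparsed.
  case $user in
    *\;*) echo "username must not contain ';'" >&2; return 1 ;;
  esac

  # Change the umask in a subshell so the rest of the script keeps its own.
  # rm -f drops any pre-existing file or symlink at the path, so the new
  # file is created fresh and gets mode 0600 from the first byte written.
  (
    umask 077
    rm -f "$file"
    # printf '%s' writes the values literally; '$', '`' and '%' in the
    # password are not interpreted.
    printf '%s;%s\n' "$user" "$pass" >"$file"
  ) || return 1

  # Verify that group and other have no access before continuing.
  mode=$(ls -ld "$file" | cut -c1-10)
  [ "$mode" = "-rw-------" ] || {
    echo "unexpected mode $mode on $file" >&2
    return 1
  }
}
```

The password still sits in clear text inside the package's postinstall script, so access to the built .pkg should be restricted to the same people who are allowed to know the enrollment account's credentials.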